org.apache.pulsar:pulsar-functions-worker@2.0.1-incubating vulnerabilities
latest version
4.0.1
latest non vulnerable version
first published
6 years ago
latest version published
1 months ago
licenses detected
- [2.0.0-rc1-incubating,)
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.pulsar:pulsar-functions-worker package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Incorrect Authorization. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks contain credentials in the configuration, which could lead to leaked credentials. Note: This vulnerability is mitigated by the fact that there is no known way for an authenticated user to enumerate another tenant's sources or sinks, meaning the source or sink name would need to be guessed in order to exploit this vulnerability. How to fix Incorrect Authorization? Upgrade | [,2.10.4)[2.11,2.11.1) |